Sunday, 09 January 2011

Disabling Auto-Negotiated Trunking

By default, all Ethernet ports on Catalyst switches are set to auto-negotiated trunking mode (dynamic auto or dynamic desirable, depending on the platform). Auto-negotiated trunking allows two switches to form an ISL or 802.1Q trunk between themselves without explicit configuration. The negotiation is managed by the Dynamic Trunking Protocol (DTP). Setting a port to auto mode makes the port willing to convert the link into a trunk link: the port becomes a trunk port if the neighboring port is set to trunk or is configured in desirable mode. A port configured in desirable mode actively tries to negotiate and becomes a trunk if the neighboring port is set to trunk, desirable, or auto mode.
While the auto-negotiation of trunks makes switch deployment easier, anyone who can plug into such a port can take advantage of it: a host that sends DTP frames on a dynamic port can negotiate a trunk and then send and receive tagged frames for every VLAN carried on that trunk (VLAN hopping). For this reason, auto-negotiated trunking should be disabled on all ports connecting to end users.
In Catalyst OS, auto-negotiated trunking is disabled on a port with the set trunk off command. By default, the trunk mode is auto, which causes the port to become a trunk port if the neighboring port tries to negotiate a trunk link. The off keyword forces the port to become a nontrunk port and also persuades the neighboring port to become a nontrunk port:
Console> (enable) set trunk mod/ports {on | off | desirable | auto | nonegotiate} [vlans | none] [isl | dot1q | dot10 | lane | negotiate]

This example shows how to disable auto-negotiation on port 2 on module 1:
Console> (enable) set trunk 1/2 off
Port(s) 1/2 trunk mode set to off.
Console> (enable)
For more information on the set trunk command on the Catalyst 6500, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/cmd_ref/setsy_tr.htm#wp1170006
For more information on the set trunk command on the Catalyst 4500, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/8_3/command/set_s_z.htm#wp1025473
To disable auto-negotiated trunking in Cisco IOS software, use the switchport mode access command. Setting the port mode to access makes the port a nontrunking, nontagged single-VLAN Layer 2 interface, regardless of what the neighboring port tries to negotiate. Ports that must carry a trunk to another switch should instead be set to switchport mode trunk together with switchport nonegotiate, so that the trunk is static and no DTP frames are sent. In either case, show interfaces type slot/port switchport confirms the result: the Administrative Mode line should read static access or trunk, and Negotiation of Trunking should read Off.
Switch(config-if)# switchport mode {access | trunk | {dynamic {auto | desirable}} | dot1q-tunnel}
This example shows how to set a port as a nontrunking, nontagged single-VLAN Layer 2 interface:
Switch(config)# interface type slot/port
Switch(config-if)# switchport mode access
Switch(config-if)#
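Applying the command above port by port is easy to get wrong on a switch with dozens of access ports, so what a practitioner usually wants is a check: a script that reads a saved show running-config and lists every switchport that would still negotiate a trunk. The following Python audit is an added example and is not code from the original post or from Cisco. It applies two rules: any Ethernet switchport without an explicit switchport mode access or switchport mode trunk is dynamic (including ports left at the platform default, which the running-config does not print), and a trunk port without switchport nonegotiate still sends DTP. The second rule goes beyond the page's text, which only covers access ports. The running-config is a constructed sample, not output from a real device, and the interface-name prefixes are an assumption about which names denote physical switchports.

```python
import re
from typing import Dict, List

# Constructed sample of an IOS running-config (not captured from a real device).
# Gi1/0/2 has no 'switchport mode' line at all, i.e. it sits at the dynamic default.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 description user desk 101
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/2
 description user desk 102
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 description printer
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/23
 description uplink to distribution
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/24
 description uplink to core
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/25
 description routed link to firewall
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
interface Vlan1
 no ip address
 shutdown
!
"""

# Interface name prefixes treated as physical Layer 2 ports (assumption; extend as needed).
SWITCHPORT_PREFIXES = ("ethernet", "fastethernet", "gigabitethernet",
                       "tengigabitethernet", "port-channel")


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split a running-config into {interface name: [subcommands]}.

    IOS indents interface subcommands with one space; a '!' separator or any
    unindented global command ends the current interface stanza.
    """
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
    return interfaces


def port_mode(cmds: List[str]) -> str:
    """Return the effective trunking mode keyword for an interface stanza.

    'dynamic' is returned both for an explicit dynamic auto/desirable line and
    for a stanza with no 'switchport mode' line at all (the platform default).
    """
    modes = [c for c in cmds if re.match(r"switchport mode \S+", c)]
    return modes[-1].split()[2] if modes else "dynamic"


def audit_dtp(config: str) -> Dict[str, List[str]]:
    """Return {interface: [fix commands]} for every port that still negotiates trunks."""
    findings: Dict[str, List[str]] = {}
    for name, cmds in parse_interfaces(config).items():
        if not name.lower().startswith(SWITCHPORT_PREFIXES):
            continue  # SVIs, loopbacks, tunnels: no DTP
        if "no switchport" in cmds:
            continue  # routed port: no DTP
        mode = port_mode(cmds)
        fixes: List[str] = []
        if mode == "dynamic":
            fixes.append("switchport mode access")       # what the page prescribes
        elif mode == "trunk" and "switchport nonegotiate" not in cmds:
            fixes.append("switchport nonegotiate")      # static trunk, DTP silenced
        if fixes:
            findings[name] = fixes
    return findings


def render_fix(findings: Dict[str, List[str]]) -> str:
    """Render the findings as a config snippet that can be pasted into config mode."""
    lines: List[str] = []
    for name, fixes in findings.items():
        lines.append(f"interface {name}")
        lines.extend(f" {fix}" for fix in fixes)
        lines.append("!")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_fix(audit_dtp(SAMPLE_CONFIG)))
```

Run against a real show running-config the script flags Gi1/0/2 and Gi1/0/3 for switchport mode access and Gi1/0/24 for switchport nonegotiate, and leaves the already hardened Gi1/0/1 and Gi1/0/23, the routed Gi1/0/25 and the Vlan1 SVI alone. Review the flagged uplinks by hand before pasting the snippet: a dynamic port that is genuinely an inter-switch link needs switchport mode trunk plus switchport nonegotiate, not access mode.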

For more information on the switchport mode access command on the Catalyst 6500, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/s1.htm#wp1022676
For more information on the switchport mode access command on the Catalyst 4500, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_31s/cmdref/snmp_vtp.htm#wp1210450

1 comment:

  1. Many businesses find that they are able to get better security and better flexibility by signing up for private clouds. If you want to get more interesting details about keyword, you may go here.
